[src/netbsd-8]: src/usr.sbin/veriexecgen Pull up following revision(s) (reque...

[snj <snj%NetBSD.org@localhost>]

details:   https://anonhg.NetBSD.org/src/rev/73b52c90923b
branches:  netbsd-8
changeset: 851022:73b52c90923b
user:      snj <snj%NetBSD.org@localhost>
date:      Mon Sep 11 05:27:19 2017 +0000

description:
Pull up following revision(s) (requested by sevan in ticket #272):
        usr.sbin/veriexecgen/veriexecgen.c: 1.18
        usr.sbin/veriexecgen/veriexecgen.8: 1.18-1.19
Remove the ability to generate a signature database with the hash algorithms
MD5, SHA1 & RMD160 which are either broken or on their way to being broken.
Discussed on tech-security
http://mail-index.netbsd.org/tech-security/2017/08/21/msg000936.html
ok riastradh
--
Fix enumeration.

diffstat:

 usr.sbin/veriexecgen/veriexecgen.8 |  13 +++++--------
 usr.sbin/veriexecgen/veriexecgen.c |  10 ++--------
 2 files changed, 7 insertions(+), 16 deletions(-)

diffs (89 lines):

diff -r 547164124776 -r 73b52c90923b usr.sbin/veriexecgen/veriexecgen.8
--- a/usr.sbin/veriexecgen/veriexecgen.8        Mon Sep 11 05:25:20 2017 +0000
+++ b/usr.sbin/veriexecgen/veriexecgen.8        Mon Sep 11 05:27:19 2017 +0000
@@ -1,4 +1,4 @@
-.\" $NetBSD: veriexecgen.8,v 1.17 2011/04/28 11:24:28 wiz Exp $
+.\" $NetBSD: veriexecgen.8,v 1.17.36.1 2017/09/11 05:27:19 snj Exp $
 .\"
 .\" Copyright (c) 2006 The NetBSD Foundation, Inc.
 .\" All rights reserved.
@@ -27,7 +27,7 @@
 .\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
 .\" POSSIBILITY OF SUCH DAMAGE.
 .\"
-.Dd February 18, 2008
+.Dd September 9, 2017
 .Dt VERIEXECGEN 8
 .Os
 .Sh NAME
@@ -102,13 +102,10 @@
 .Ar algorithm
 for the fingerprints.
 Must be one of
-.Dq md5 ,
-.Dq sha1 ,
 .Dq sha256 ,
 .Dq sha384 ,
-.Dq sha512 ,
 or
-.Dq rmd160 .
+.Dq sha512 .
 .It Fl v
 Verbose mode.
 Print messages describing what operations are being done.
@@ -147,11 +144,11 @@
 .Pp
 Fingerprint files in
 .Pa /path/to/somewhere using
-.Dq rmd160
+.Dq sha512
 as the hashing algorithm, saving to
 .Pa /etc/somewhere.fp :
 .Bd -literal -offset indent
-# veriexecgen -d /path/to/somewhere -t rmd160 -o /etc/somewhere.fp
+# veriexecgen -d /path/to/somewhere -t sha512 -o /etc/somewhere.fp
 .Ed
 .Sh SEE ALSO
 .Xr veriexec 4 ,
diff -r 547164124776 -r 73b52c90923b usr.sbin/veriexecgen/veriexecgen.c
--- a/usr.sbin/veriexecgen/veriexecgen.c        Mon Sep 11 05:25:20 2017 +0000
+++ b/usr.sbin/veriexecgen/veriexecgen.c        Mon Sep 11 05:27:19 2017 +0000
@@ -1,4 +1,4 @@
-/* $NetBSD: veriexecgen.c,v 1.17 2009/08/21 04:09:41 elad Exp $ */
+/* $NetBSD: veriexecgen.c,v 1.17.38.1 2017/09/11 05:27:19 snj Exp $ */
 
 /*-
  * Copyright (c) 2006 The NetBSD Foundation, Inc.
@@ -36,7 +36,7 @@
 
 #ifndef lint
 #ifdef __RCSID
-__RCSID("$NetBSD: veriexecgen.c,v 1.17 2009/08/21 04:09:41 elad Exp $");
+__RCSID("$NetBSD: veriexecgen.c,v 1.17.38.1 2017/09/11 05:27:19 snj Exp $");
 #endif
 #endif /* not lint */
 
@@ -57,10 +57,7 @@
 #include <unistd.h>
 #include <util.h>
 
-#include <md5.h>
-#include <sha1.h>
 #include <sha2.h>
-#include <rmd160.h>
 
 #define IS_EXEC(mode) ((mode) & (S_IXUSR | S_IXGRP | S_IXOTH))
 
@@ -100,12 +97,9 @@
 
 /* define the possible hash algorithms */
 static hash_t   hashes[] = {
-       { "MD5", MD5File },
-       { "SHA1", SHA1File },
        { "SHA256", SHA256_File },
        { "SHA384", SHA384_File },
        { "SHA512", SHA512_File },
-       { "RMD160", RMD160File },
        { NULL, NULL },
 };